Diffstat (limited to 'config/dansguardian')
-rwxr-xr-xconfig/dansguardian/dansguardian.inc172
-rw-r--r--config/dansguardian/dansguardian.php34
-rwxr-xr-xconfig/dansguardian/dansguardian_groups.xml39
-rw-r--r--config/dansguardian/dansguardian_ldap.php43
-rwxr-xr-xconfig/dansguardian/dansguardian_sync.xml26
5 files changed, 222 insertions, 92 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 8177fe3f..39282409 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -90,7 +90,7 @@ function check_ca_hashes(){
}
}
-function sync_package_dansguardian($via_rpc=false,$install_process=false) {
+function sync_package_dansguardian($via_rpc="no",$install_process=false) {
global $config,$g;
# detect boot process
@@ -101,8 +101,13 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
$boot_process="on";
}
- if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false)
+ if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc=="no"){
+ log_error("[Dansguardian] - Detected boot process pr:".is_process_running('dansguardian')." bp:".isset($boot_process)." rpc:".$via_rpc);
return;
+ }
+ else{
+ log_error("[Dansguardian] - Save settings package call pr:".is_process_running('dansguardian')." bp:".isset($boot_process)." rpc:".$via_rpc);
+ }
#assign xml arrays
if (!is_array($config['installedpackages']['dansguardian']))
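Review bot: The new `$via_rpc=="no"` test is a loose comparison against a non-empty string, so a boolean `true` compares equal to both "no" and "yes" while `false` equals neither. A peer still running the previous version sends `sync_package_dansguardian(true);` through exec_php, and on this code that call can take the boot-process early return instead of being handled as an RPC call. Comparing with `$via_rpc==="no"` (and `==="yes"` in the sync block further down), or normalising the argument at the top of the function, avoids that. The two added log_error() calls also run on every save; consider keeping them behind `$g['debug']`. The function body continues outside the hunk.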
@@ -718,6 +723,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
'urlacl'=> "Default",
'group_options' => "scancleancache,infectionbypasserrorsonly",
'reportinglevel'=>'3',
+ 'group_name_source'=>'name',
'mode'=> "1",
'report_level'=>"global");
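Review bot: The default added here is keyed `'group_name_source'`, but the cron code in this commit reads `$dansguardian_groups['groupnamesource']` and the new field in dansguardian_groups.xml is also named `groupnamesource`. As written the default looks unused, and things only work because the reader falls back to "name" when the key is empty. Renaming the entry to `'groupnamesource'=>'name',` would keep the three places consistent. The array this line belongs to starts outside the hunk.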
@@ -921,7 +927,8 @@ EOF;
#check blacklist download files
if ($install_process == true){
require_once("/usr/local/www/dansguardian.php");
- fetch_blacklist(false);
+ fetch_blacklist(false,true);
+ update_output_window("Blacklist check done, continuing package config sync.");
}
else{
if ($dansguardian_blacklist['cron']=="force_download"){
@@ -956,7 +963,6 @@ EOF;
$daemongroup = 'nobody';
}
$filtergroups=($count > 1?($count -1):1);
-
$filterip="";
$filterports="";
foreach (explode(",", $dansguardian['interface']) as $i => $iface) {
@@ -974,7 +980,7 @@ EOF;
$cron_found=0;
if (is_array($config['cron']['item']))
foreach($config['cron']['item'] as $cron)
- if (preg_match("@".DANSGUARDIAN_DIR."/(bin.freshclam|www/dansguardian)@",$cron["command"]))
+ if (preg_match("@(".DANSGUARDIAN_DIR."|/usr/local)/(bin.freshclam|www/dansguardian)@",$cron["command"]))
$cron_found++;
else
$new_cron['item'][]=$cron;
@@ -1057,6 +1063,7 @@ EOF;
$cron_cmd="/usr/local/bin/php /usr/local/www/dansguardian_ldap.php";
if (is_array($config['installedpackages']['dansguardiangroups']['config']))
foreach ($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){
+ $dans_group_source=($dansguardian_groups['groupnamesource'] !="" ? $dansguardian_groups['groupnamesource'] : "name");
if(preg_match('/(\d+)m/',$dansguardian_groups['freq'],$matches)){
$new_cron['item'][]=array( "minute" => "*/".$matches[1],
"hour" => "*",
@@ -1064,7 +1071,7 @@ EOF;
"month" => "*",
"wday" => "*",
"who" => "root",
- "command"=> $cron_cmd." ".$dansguardian_groups['name']);
+ "command"=> "{$cron_cmd} $dans_group_source '{$dansguardian_groups[$dans_group_source]}'");
$config['cron']=$new_cron;
$cron_found++;
}
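Review bot: The new `"command"=>` line places the group name or description between hand-written single quotes, and this cron entry runs as root. The description is free text from the GUI, so a value containing a single quote ends the quoting and the rest is interpreted by the shell. Build the argument with `escapeshellarg($dansguardian_groups[$dans_group_source])` instead of literal quotes, and restrict `$dans_group_source` (assigned from `groupnamesource` in the previous hunk) to `name` or `description` before it is used as an array key and as a command argument. The second cron branch in the next hunk has the same line and needs the same change.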
@@ -1075,7 +1082,7 @@ EOF;
"month" => "*",
"wday" => "*",
"who" => "root",
- "command"=> $cron_cmd." ".$dansguardian_groups['name']);
+ "command"=> "{$cron_cmd} $dans_group_source '{$dansguardian_groups[$dans_group_source]}'");
$config['cron']=$new_cron;
$cron_found++;
}
@@ -1084,7 +1091,6 @@ EOF;
conf_mount_rw();
write_config();
-
#update cron
if ($cron_found > 0){
$config['cron']=$new_cron;
@@ -1108,19 +1114,15 @@ EOF;
#check virus_scanner options
$libexec_dir= DANSGUARDIAN_DIR."/libexec/dansguardian/";
- if (preg_match("/clamd/",$dansguardian_config['content_scanners'])){
+ if ($install_process==true)
+ update_output_window("Skipping clamav check during package install.");
+ if (preg_match("/clamd/",$dansguardian_config['content_scanners']) && $install_process==false){
if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){
file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.","");
log_error('No antivirus database found for clamav, running freshclam in background. Content-scanner may not work until freshclam finishes.');
mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam && /usr/local/etc/rc.d/clamav-clamd');
}
-
- $match=array();
- $match[0]='/NO/';
- $replace=array();
- $replace[0]='YES';
-
#clamdscan.conf dansguardian file
$cconf=DANSGUARDIAN_DIR . "/etc/dansguardian/contentscanners/clamdscan.conf";
$cconf_file=file_get_contents($cconf);
@@ -1128,7 +1130,6 @@ EOF;
$cconf_file=preg_replace('/#clamdudsfile/','clamdudsfile',$cconf_file);
file_put_contents($cconf, $cconf_file, LOCK_EX);
}
-
#clamd conf file
$cconf=DANSGUARDIAN_DIR."/etc/clamd.conf";
$cconf_file=file_get_contents($cconf);
@@ -1136,6 +1137,11 @@ EOF;
#clamd script file
$script='/usr/local/etc/rc.d/clamav-clamd';
$script_file=file($script);
+ $new_clamav_startup="";
+ $cpreg_m[0]="@NO@";
+ $cpreg_m[1]="@/usr/local@";
+ $cpreg_r[0]="YES";
+ $cpreg_r[1]=DANSGUARDIAN_DIR;
foreach ($script_file as $script_line){
if(preg_match("/command=/",$script_line)){
$new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n";
@@ -1147,12 +1153,12 @@ EOF;
$new_clamav_startup.=$script_line;
}
elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) {
- $new_clamav_startup.=preg_replace("/NO/","YES",$script_line);
- $new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$script_line);
+ $new_clamav_startup.=preg_replace($cpreg_m,$cpreg_r,$script_line);
}
}
file_put_contents($script, $new_clamav_startup, LOCK_EX);
chmod ($script,0755);
+
if (file_exists('/var/run/dansguardian.pid') && is_process_running('clamd')){
log_error('Stopping clamav-clamd');
mwexec("$script stop");
@@ -1164,8 +1170,7 @@ EOF;
mwexec_bg("$script start");
}
}
- }
-
+ }
#check certificate hashed
$script='/usr/local/etc/rc.d/dansguardian.sh';
@@ -1200,23 +1205,58 @@ EOF;
#mount read only
conf_mount_ro();
+
#avoid sync during boot process
- if (!isset($boot_process)){
- $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
- if(!$synconchanges && !$syncondbchanges)
- return;
- log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting.");
- foreach ($config['installedpackages']['dansguardiansync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
+ if (!isset($boot_process) || $via_rpc=="yes"){
+ /* Uses XMLRPC to synchronize the changes to a remote node */
+ if (is_array($config['installedpackages']['dansguardiansync']['config'])){
+ $dans_sync=$config['installedpackages']['dansguardiansync']['config'][0];
+ $synconchanges = $dans_sync['synconchanges'];
+ $synctimeout = $dans_sync['synctimeout'];
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($dans_sync[row])){
+ $rs=$dans_sync[row];
+ }
+ else{
+ log_error("[Dansguardian] xmlrpc sync is enabled but there is no hosts to push on dansguardian config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+ $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress']=$system_carp['synchronizetoip'];
+ $rs[0]['username']=$system_carp['username'];
+ $rs[0]['password']=$system_carp['password'];
+ if (! is_ipaddr($system_carp['synchronizetoip'])){
+ log_error("[Dansguardian] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ }
+ else{
+ log_error("[Dansguardian] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ if (is_array($rs)){
+ log_error("[Dansguardian] xmlrpc sync is starting.");
+ foreach($rs as $sh){
$sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- $sync_type = $sh['sync_type'];
+ $password = $sh['password'];
+ $username = ($sh['username']?$sh['username']:"admin");
if($password && $sync_to_ip)
- dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type);
+ dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout);
}
+ log_error("[Dansguardian] xmlrpc sync is ending.");
}
- log_error("[dansguardian] dansguardian_xmlrpc_sync.php is ending.");
- }
+ }
+ }
+
}
function dansguardian_validate_input($post, &$input_errors) {
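Review bot: `$sync_type` is still passed to dansguardian_do_xmlrpc_sync() in the new loop, but the line that assigned it from `$sh['sync_type']` was removed, so it is now an undefined variable. In the "manual" case `$dans_sync[row]` uses a bare constant instead of the string key and should read `$dans_sync['row']`. `$rs` is only created inside the switch; initialising `$rs=array();` before it makes the later `is_array($rs)` check meaningful. The two "auto" error messages mention squid config, which looks copied from another package.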
@@ -1242,7 +1282,7 @@ function dansguardian_validate_input($post, &$input_errors) {
}
function dansguardian_php_install_command() {
- sync_package_dansguardian(false,true);
+ sync_package_dansguardian("no",true);
}
function dansguardian_php_deinstall_command() {
@@ -1260,15 +1300,21 @@ function dansguardian_php_deinstall_command() {
}
}
-function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
+function dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) {
global $config, $g;
+ if(!$username)
+ return;
+
if(!$password)
return;
if(!$sync_to_ip)
return;
+ if(!$synctimeout)
+ $synctimeout=30;
+
$xmlrpc_sync_neighbor = $sync_to_ip;
if($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
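Review bot: The fallback `$synctimeout=30;` does not match the `<default_value>250</default_value>` that dansguardian_sync.xml declares for the same setting, so an upgraded install with no stored value gets a different timeout than a fresh one. The value also comes straight from config and is handed to `$cli->send()` unchecked; `$synctimeout = (int)$synctimeout;` before the fallback would keep it numeric. The function body continues outside the hunk.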
@@ -1286,28 +1332,26 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
/* xml will hold the sections to sync */
$xml = array();
- $sync_xml=$config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
- if ($sync_xml){
- log_error("Include dansguardian config");
- $xml['dansguardian'] = $config['installedpackages']['dansguardian'];
- $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl'];
- $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig'];
- $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist'];
- $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap'];
- $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl'];
- $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl'];
- $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups'];
- $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl'];
- $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits'];
- $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog'];
- $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl'];
- $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl'];
- $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl'];
- $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl'];
- $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl'];
- $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers'];
+ log_error("Include dansguardian config");
+ $xml['dansguardian'] = $config['installedpackages']['dansguardian'];
+ $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl'];
+ $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig'];
+ $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist'];
+ $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap'];
+ $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl'];
+ $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl'];
+ $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups'];
+ $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl'];
+ $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits'];
+ $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog'];
+ $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl'];
+ $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl'];
+ $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl'];
+ $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl'];
+ $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl'];
+ $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers'];
+ $xml['dansguardianips'] = $config['installedpackages']['dansguardianips'];
- }
if (count($xml) > 0){
/* assemble xmlrpc payload */
$params = array(
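Review bot: With the `if ($sync_xml)` guard removed, `$xml` is always populated, so the `count($xml) > 0` test below can no longer be false and could be dropped. The payload now always includes `dansguardianldap`, whose entries carry the LDAP bind `username` and `password` read in dansguardian_ldap.php, as well as `dansguardianusers`. Earlier in this function the scheme is taken from `$config['system']['webgui']['protocol']`, so if that is plain http these values and the XMLRPC login presumably cross the network unencrypted. A comment stating that sync expects an https webgui, or a log_error() when it is not, would make the requirement visible. The function starts outside the hunk.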
@@ -1321,18 +1365,18 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
if($g['debug'])
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after 30 seconds */
- $resp = $cli->send($msg, "30");
+ /* send our XMLRPC message and timeout after $synctimeout seconds */
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "30");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
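Review bot: The fault branch sends the same message a second time with `setDebug(1)` only to obtain debug output, and after this change each send may wait up to `$synctimeout` seconds, which the new XML option allows to be 250. A failing peer can therefore hold the caller for twice the timeout per request, and this function issues two requests per host. Reporting `faultCode()` and `faultString()` from the first response, without the resend, should give the same log message. The same pattern is repeated in the pfsense.exec_php hunk further down.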
@@ -1343,7 +1387,7 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
/* tell dansguardian to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/dansguardian.inc');\n";
- $execcmd .= "sync_package_dansguardian(true);";
+ $execcmd .= "sync_package_dansguardian('yes');";
/* assemble xmlrpc payload */
$params = array(
@@ -1354,15 +1398,15 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
log_error("dansguardian XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "30");
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "30");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
@@ -1372,4 +1416,4 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
}
}
-?>
+?>
\ No newline at end of file
diff --git a/config/dansguardian/dansguardian.php b/config/dansguardian/dansguardian.php
index d4dcf46c..b9c972a1 100644
--- a/config/dansguardian/dansguardian.php
+++ b/config/dansguardian/dansguardian.php
@@ -39,11 +39,19 @@ require_once("/etc/inc/pkg-utils.inc");
require_once("/etc/inc/globals.inc");
require_once("/usr/local/pkg/dansguardian.inc");
-function fetch_blacklist($log_notice=true) {
+function fetch_blacklist($log_notice=true,$install_process=false) {
global $config,$g;
- $url=$config['installedpackages']['dansguardianblacklist']['config'][0]['url'];
- if (is_url($url)) {
- conf_mount_rw();
+ if (is_array($config['installedpackages']['dansguardianblacklist']) && is_array($config['installedpackages']['dansguardianblacklist']['config'])){
+ $url=$config['installedpackages']['dansguardianblacklist']['config'][0]['url'];
+ $uw="Found a previouns install, checking Blacklist config...";
+ }
+ else{
+ $uw="Found a clean install, reading default access lists...";
+ }
+ conf_mount_rw();
+ if ($install_process == true)
+ update_output_window($uw);
+ if (isset($url) && is_url($url)) {
if ($log_notice==true){
print "file download start..";
unlink_if_exists("/usr/local/pkg/blacklist.tgz");
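Review bot: `conf_mount_rw()` has moved out of the `is_url($url)` guard, so the filesystem is now remounted read-write on every call, including the paths where no URL is configured or the URL is invalid. No matching `conf_mount_ro()` is visible in this hunk; please confirm that each exit path, including the new install-time branch below, remounts read-only. The user-visible string `"Found a previouns install, ..."` has a typo and should read "previous". The function body continues outside the hunk.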
@@ -82,11 +90,13 @@ function fetch_blacklist($log_notice=true) {
}
}
else {
- if (!empty($url))
+ if ($install_process==true)
+ read_lists(false,$uw);
+ elseif (!empty($url))
file_notice("Dansguardian - Blacklist url is invalid.","");
}
}
-function read_lists($log_notice=true){
+function read_lists($log_notice=true,$uw=""){
global $config,$g;
$group_type=array();
$dir=DANSGUARDIAN_DIR . "/etc/dansguardian/lists";
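Review bot: Because the invalid-URL notice is now an `elseif` after the install check, a stored but invalid blacklist URL is silently ignored during package install and the default lists are read instead. If that is intended, a short comment such as `# during install fall back to the shipped lists; URL problems are reported on the next manual update` would make it clear; otherwise emit the file_notice() in both cases. read_lists() continues outside the hunk.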
@@ -152,12 +162,14 @@ function read_lists($log_notice=true){
$edit_file=preg_replace('/size.19/','size>5',$edit_file);
file_put_contents("/usr/local/pkg/dansguardian_".$edit_xml."_acl.xml",$edit_file,LOCK_EX);
}
- if($log_notice==true)
- file_notice("Dansguardian - Blacklist applied, check site and URL access lists for categories","");
- #foreach($config['installedpackages'] as $key => $values)
- # if (preg_match("/dansguardian(phrase|black|white)lists/",$key))
- # print "$key\n";
write_config();
+ if($log_notice==true && $uw==""){
+ file_notice("Dansguardian - Blacklist applied, check site and URL access lists for categories","");
+ }
+ else{
+ $uw.="done\n";
+ update_output_window($uw);
+ }
}
if ($argv[1]=="update_lists")
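Review bot: The new `else` branch runs whenever `$log_notice` is false or `$uw` is non-empty, so a call such as `read_lists(false)` with the default `$uw=""` now ends in `update_output_window("done\n")` even though no install is in progress. Testing the install case explicitly, e.g. `elseif ($uw != ""){`, keeps the output-window update on the installer path. The function starts outside the hunk.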
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index fc9ff8a8..aaa9bcd6 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -386,10 +386,20 @@
<type>listtopic</type>
</field>
<field>
+ <fielddescr>LDAP group name source</fielddescr>
+ <fieldname>groupnamesource</fieldname>
+ <description><![CDATA[ This option determines where to look for LDAP group/OU name.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Dansguardian Group Name(default)</name><value>name</value></option>
+ <option><name>Dansguardian Group Description</name><value>description</value></option>
+ </options>
+ </field>
+ <field>
<fielddescr>LDAP</fielddescr>
<fieldname>ldap</fieldname>
- <description><![CDATA[Select Active directory servers to extract users from<br>
- The group must has the same name in dansguardian and on active directory<br>
+ <description><![CDATA[Select LDAP servers to extract users from<br>
+ The group must has the same name( or description) in dansguardian and on active directory<br>
<strong>This is not aplicable for default group</strong>]]></description>
<type>select_source</type>
<size>05</size>
@@ -399,6 +409,31 @@
<source_value>dc</source_value>
</field>
<field>
+ <fielddescr>LDAP user account status</fielddescr>
+ <fieldname>useraccountcontrol</fieldname>
+ <description><![CDATA[Import only users with these account status. Leave empty to do not check account status.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Normal (code 512)</name><value>512</value></option>
+ <option><name>Disabled Account (code 514)</name><value>514</value></option>
+ <option><name>Account is Disabled (code 2)</name><value>2</value></option>
+ <option><name>Account Locked Out (code 16)</name><value>16</value></option>
+ <option><name>Entered Bad Password (code 17)</name><value>17</value></option>
+ <option><name>No Password is Required(code 32)</name><value>32</value></option>
+ <option><name>Password CANNOT Change(code 64)</name><value>64</value></option>
+ <option><name>Password has Expired (code 8388608)</name><value>8388608</value></option>
+ <option><name>Account will Never Expire (code 65536)</name><value>65536</value></option>
+ <option><name>Enabled and Does NOT expire Paswword (code 66048)</name><value>66048</value></option>
+ <option><name>Server Trusted Account for Delegation (code 8192)</name><value>8192</value></option>
+ <option><name>Trusted Account for Delegation (code 524288)</name><value>524288</value></option>
+ <option><name>Enabled, User Cannot Change Password, Password Never Expires (code 590336)</name><value>590336</value></option>
+ <option><name>Normal Account, Password will not expire and Currently Disabled (code 66050)</name><value>66050</value></option>
+ <option><name>Account Enabled, Password does not expire, currently Locked out (code 66064)</name><value>66064</value></option>
+ </options>
+ <multiple/>
+ <size>16</size>
+ </field>
+ <field>
<fielddescr>Update frequency</fielddescr>
<fieldname>freq</fieldname>
<description><![CDATA[How often extract users from active directory and verify changes<br>
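Review bot: The options in the new `useraccountcontrol` field are matched as exact values against the directory attribute (dansguardian_ldap.php uses a strict `in_array`), but in Active Directory that attribute is a bit field. Single-flag entries such as 2, 16, 32 or 64 normally occur only combined with 512, so selecting them alone would presumably never match a real account, and any combination not listed here is excluded without notice. Either say in the `<description>` that the list holds exact values, or compare flags with a bitwise test on the PHP side. The label `Paswword` in the 66048 option is misspelled.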
diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php
index 33cbee91..01d4764e 100644
--- a/config/dansguardian/dansguardian_ldap.php
+++ b/config/dansguardian/dansguardian_ldap.php
@@ -56,6 +56,7 @@ function get_ldap_members($group,$user,$password) {
global $ldap_host;
global $ldap_dn;
$LDAPFieldsToFind = array("member");
+ print "{$ldap_host} {$ldap_dn}\n";
$ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP");
// OPTIONS TO AD
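Review bot: The added `print "{$ldap_host} {$ldap_dn}\n";` looks like leftover debug output; this script is scheduled from cron, so it is emitted on every run. Remove it or put it behind a debug switch. The function starts outside the hunk.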
@@ -64,7 +65,10 @@ function get_ldap_members($group,$user,$password) {
ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP");
- $results = ldap_search($ldap,$ldap_dn,"cn=" . $group,$LDAPFieldsToFind);
+ //check if group is just a name or an ldap string
+ $group_cn=(preg_match("/cn=/i",$group)? $group : "cn={$group}");
+
+ $results = ldap_search($ldap,$ldap_dn,$group_cn,$LDAPFieldsToFind);
$member_list = ldap_get_entries($ldap, $results);
$group_member_details = array();
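Review bot: `$group` is placed into the LDAP search filter without escaping, and with this commit it can be the group's free-text description as well as its name. Characters such as `*`, `(` or `)` change the meaning of the filter, and any value that merely contains `cn=` is passed through as a complete filter. For the plain-name case escape the value, e.g. `"cn=".ldap_escape($group, "", LDAP_ESCAPE_FILTER)` where the PHP version provides it, and accept a raw filter only when it matches an expected shape. The `ldap_search()` result is also passed to `ldap_get_entries()` without checking for failure.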
@@ -77,7 +81,8 @@ function get_ldap_members($group,$user,$password) {
$member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . ")");
$member_details = ldap_get_entries($ldap, $member_search);
$group_member_details[] = array($member_details[0]['samaccountname'][0],
- $member_details[0]['displayname'][0]);
+ $member_details[0]['displayname'][0],
+ $member_details[0]['useraccountcontrol'][0]);
}
ldap_close($ldap);
array_shift($group_member_details);
@@ -96,11 +101,12 @@ $apply_config=0;
if (is_array($config['installedpackages']['dansguardiangroups']['config']))
foreach($config['installedpackages']['dansguardiangroups']['config'] as $group) {
#ignore default group
- if ($id > 0)
- if ($argv[1] == "" || $argv[1] == $group['name']){
+ if ($id > 0){
+ $ldap_group_source=(preg_match("/description/",$argv[1]) ? "description" : "name");
+ if ($argv[2] == $group[$ldap_group_source]){
$members="";
$ldap_servers= explode (',',$group['ldap']);
- echo "Group : " . $group['name']."\n";
+ echo "Group : {$group['name']}({$group['description']})\n";
if (is_array($config['installedpackages']['dansguardianldap']['config']))
foreach ($config['installedpackages']['dansguardianldap']['config'] as $server){
if (in_array($server['dc'],$ldap_servers)){
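Review bot: The group is now selected only by `$argv[2]`, so running the script without arguments no longer processes every group as the removed `$argv[1] == ""` test allowed. Cron entries written by the previous version, which pass only the group name, match nothing until the cron list is regenerated. If the no-argument mode should remain, keep it explicitly, e.g. `if (!isset($argv[2]) || $argv[2] === $group[$ldap_group_source]){`. `$ldap_group_source` does not depend on `$group` and can be computed once before the loop. The loop body continues outside the hunk.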
@@ -113,18 +119,28 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config']))
$ldap_username=$server['username'];
#$domainuser=split("cn=",$server['username']);
#$ldap_username=preg_replace("/,\./","@",$domainuser[1].preg_replace("/(,|)DC=/i",".",$server['dn']));
- $result = get_ldap_members($group['name'],$ldap_username,$server['password']);
- foreach($result as $key => $value) {
- if (preg_match ("/\w+/",$value[0])){
+ $result = get_ldap_members($group[$ldap_group_source],$ldap_username,$server['password']);
+ if ($group['useraccountcontrol'] !="")
+ $valid_account_codes=explode(",",$group['useraccountcontrol']);
+ foreach($result as $mvalue) {
+ if (preg_match ("/\w+/",$mvalue[0])){
#var_dump($value);
- $name= preg_replace('/[^(\x20-\x7F)]*/','', $value[1]);
+ $name= preg_replace("/&([a-z])[a-z]+;/i", "$1", htmlentities($mvalue[1]));//preg_replace('/[^(\x20-\x7F)]*/','', $mvalue[1]);
$pattern[0]="/USER/";
$pattern[1]="/,/";
$pattern[2]="/NAME/";
- $replace[0]=$value[0];
+ $replace[0]=$mvalue[0];
$replace[1]="\n";
$replace[2]="$name";
- $members .= preg_replace($pattern,$replace,$mask)."\n";
+
+ if (is_array($valid_account_codes)){
+ if (in_array($mvalue[2],$valid_account_codes,true))
+ $members .= preg_replace($pattern,$replace,$mask)."\n";
+ }
+ else
+ {
+ $members .= preg_replace($pattern,$replace,$mask)."\n";
+ }
}
}
}
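Review bot: `$valid_account_codes` is assigned only when `$group['useraccountcontrol']` is non-empty and is never reset, so a group with no account-status filter inherits the codes of the previously processed group. Assign it on every pass, e.g. `$valid_account_codes = ($group['useraccountcontrol'] != "" ? explode(",",$group['useraccountcontrol']) : null);`. Separately, `htmlentities()` also encodes `&`, `<`, `>` and `"`, so the new transliteration turns a display name like `R&D` into `RaD`, which may not be wanted. The loops start and end outside the hunk.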
@@ -144,8 +160,9 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config']))
$apply_config++;
}
}
- }
- $id++;
+ }
+ }
+ $id++;
}
if ($apply_config > 0){
print "User list from LDAP is different from current group, applying new configuration...";
diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml
index 7f714051..9401253c 100755
--- a/config/dansguardian/dansguardian_sync.xml
+++ b/config/dansguardian/dansguardian_sync.xml
@@ -104,8 +104,30 @@
<field>
<fielddescr>Automatically sync dansguardian configuration changes</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>pfSense will automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>Select a sync method for dansguardian.</description>
+ <type>select</type>
+ <required/>
+ <default_value>auto</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Sync timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>Select sync max wait time</description>
+ <type>select</type>
+ <required/>
+ <default_value>250</default_value>
+ <options>
+ <option><name>250 seconds(Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
+ </options>
</field>
<field>
<fielddescr>Remote Server</fielddescr>
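Review bot: `synconchanges` changes from a checkbox to a select, but existing configurations still hold the checkbox value, which is presumably `on`. The new switch in sync_package_dansguardian() handles only `manual` and `auto` and returns for anything else, so after an upgrade sync would stop without any log entry until the page is saved again. Mapping the legacy value to `manual` in the PHP code, or logging in the `default:` case, would make the transition visible.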